CN109525403A - A kind of anti-leakage that supporting user's full dynamic parallel operation discloses cloud auditing method - Google Patents

A kind of anti-leakage that supporting user's full dynamic parallel operation discloses cloud auditing method Download PDF

Info

Publication number
CN109525403A
CN109525403A CN201811638170.7A CN201811638170A CN109525403A CN 109525403 A CN109525403 A CN 109525403A CN 201811638170 A CN201811638170 A CN 201811638170A CN 109525403 A CN109525403 A CN 109525403A
Authority
CN
China
Prior art keywords
data
data block
block
file
service provider
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811638170.7A
Other languages
Chinese (zh)
Other versions
CN109525403B (en
Inventor
李艳平
吴姣姣
梁岩荣
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Yixin Technology Co.,Ltd.
Original Assignee
Shaanxi Normal University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shaanxi Normal University filed Critical Shaanxi Normal University
Priority to CN201811638170.7A priority Critical patent/CN109525403B/en
Publication of CN109525403A publication Critical patent/CN109525403A/en
Application granted granted Critical
Publication of CN109525403B publication Critical patent/CN109525403B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/3033Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters details relating to pseudo-prime or prime number generation, e.g. primality test
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/3073Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • Algebra (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

Under the premise of protecting data confidentiality or privacy, the open integrality for proving outsourcing dynamic cloud storing data is always the focus of attention and difficult point of open cloud audit technique.The invention discloses a kind of anti-leakages for supporting the full dynamic parallel operation of user to disclose cloud auditing method.First, this data authentication structure of dynamic accumulators is introduced, realize no matter auditing by third party person carries out how many times audit and regardless of whether challenge block of auditing every time repeats, curious auditing by third party person can not obtain any data content about bag data outside cloud, the risk for dexterously having evaded leakage challenge data block privacy, reaches the function of anti-leaking data;Secondly, operating user remotely to the full dynamic parallel that outsourcing storing data is inserted into, deletes and is modified in conjunction with the dynamic Hash table and dynamic accumulators of double-strand, and have the function of that verifying dynamic updates whether operation correctly executes.

Description

A kind of anti-leakage that supporting user's full dynamic parallel operation discloses cloud auditing method
Technical field
The invention belongs to the technical fields of outsourcing cloud storage data safety in cloud computing, are specifically mentioned based on dynamic accumulators A kind of anti-leakage for supporting user's dynamic operation out discloses cloud auditing method.
Background technique
Cloud storage is an important branch of cloud computing, allows data owner (Data Owner, DO) by remote data It is stored to cloud, and powerful outsourcing calculating and storage service are provided for user.In recent years, the processing increasingly powerful due to function Data are contracted out to cloud service provider by device, bandwidth resources abundant and flexible network connection, more and more client's selections (Cloud Server Provider, CSP), to mitigate the investment of the manpower and material resources such as local purchase hardware, data maintenance.Although This new data model storage is considered as a very promising service platform on internet, but the calculating of high concentration provides Source brings stern challenge in safety and aspect of performance to cloud storage.
Firstly, the physical control ability to data is just lost after data owner DO stores data into cloud, it is this The separation of data ownership and control, brings difficulty to management really.For data owner DO, how to determine that cloud takes It is to cause this ask one of the problem of most meriting attention that whether business device is complete, safely stores the data of data owner DO The actual cause of topic is as follows: (1) no matter cloud storage service provider CSP takes how reliable measure, can also lose once in a while because of software The reason of effect or hardware damage, loses data.Worse situation is, cloud storage service provider CSP may be for oneself benefit Benefit and determine these error in data are concealed to user.(2) cloud storage service provider CSP may abandon not visited mistake or very Accessed data less, to save memory space, and claim that these data are still already correctly stored on Cloud Server.Cause This, develops effective audit technique, and so that user is firmly believed that data are stored in safe and completely in remote cloud server is to Guan Chong It wants, how effectively core is remote validation data integrity.
Secondly, the scheme to solve the above problems is divided into two classes according to the difference of verifier: privately owned audit and public audit.It passes On system, only data owner DO oneself carries out privately owned audit agreement with cloud storage service provider CSP to check the complete of data Whole property is obtained the advantage of doing so is that data owner does not have to concern of data privacy by other auditing parties, the disadvantage is that related audit Data upload, dynamic updates and the needs such as the privately owned audit of data largely communicate and computing resource, this can make to communicate and calculate The data maintenance workload of the limited data owner DO of resource is very big, be easy to cause communication and the Calculation bottleneck of system.This Outside, allow data owner DO or cloud storage service provider CSP wherein a side execute entire audit process be also it is inappropriate, because The often mutual mistrust between data owner DO and cloud storage service provider CSP, can guarantee to provide from without a side Reliable and just auditing result.Therefore, an independent trusted third party audit person (Trusted Party can be introduced Auditor, TPA) replace data owner DO to verify the integrality of outsourcing cloud storage data and reliable with open interactive mode Property, that is, cloud audit technique is disclosed, and the main stream approach in cloud outsourcing data integrity check at present.
But there are still some stubborn problems are urgently to be resolved for public audit in cloud storage at present.First is how to guarantee Maintenance outsourcing cloud storage data to the confidentiality and secret protection of auditing by third party person TPA, although i.e. auditing by third party person TPA and Data storage side CSP has carried out multiple interactive data integrality audit agreement, can auditing by third party person TPA still can not be from connecing Any actual content of data owner DO data is obtained in the audit information received.Although encrypting outer bag data is protection outsourcing A kind of effective ways of cloud storage data confidentiality and privacy, but encrypted data can be to operation bands such as data dynamic updates Carry out big inconvenience, and if deal with improperly, auditing by third party person TPA, which remains unchanged, can obtain the privacy informations of outsourcing cloud storage data, Cause leakage of information accident.Second is that the data of outsourcing cloud storage will not be kept in entire data storage lifecycle one at not Become.In fact, data owner DO can execute dynamic operation to data file according to various actual demands and variation, such as modify, The data dynamic operations such as insertion, deletion.In fact, supporting that the dynamic operation of outsourcing cloud storage data is one in open cloud audit Very real demand.Therefore, it designs and a kind of discloses the open cloud auditing method of anti-leakage to cloud storage independently of data encryption System has important practical significance.
In order to guarantee data confidentiality and support dynamic auditing, document Ateniese G, Pietro R D, Mancini L V,et al.Scalable and efficient provable data possession[C].International Conference on Security&Privacy in CommunicationNetowrks,ACM,Istanbul,Turkey, No.9,2008. be put forward for the first time a kind of dynamic data property held prove (Dynamic Provable Data Possession, DPDP) agreement.But since this agreement in establishment stage needs to precalculate a certain number of metadata, so as to cause inquiry The number updated with data dynamic is limited, and this agreement does not support complete dynamic data manipulation, does not support especially in any position Set insertion data block (it only supports the insertion of addition type).Document Erway C,PapamanthouC, etal.Dynamic provable data possession[J].Acm Transactions on Information& System Security, 2015,17 (4): the initial data property held that 1-29. provides an extension proves (Provable Data Possession, PDP) model, and a dynamic PDP is proposed using the certification skip list (skip list) based on ranks Scheme supports the full dynamic data to operate.This scheme mainly provides the conventional method of dynamic data audit agreement construction, i.e., will move State data structure is combined with verification algorithm, and defect is heavy computation burden to be caused to server, is become so as to cause it Calculation bottleneck.Document Wang Q, Wang C, Ren K, et al.Enabling Public Auditability and Data Dynamics for Storage Security in Cloud Computing[J].IEEE Transactions on Parallel&Distributed Systems, 2011,22 (5): 847-859. proposes another open cloud of typical dynamic Auditing method supports complete dynamic data manipulation using Merkel's Hash tree (Merkle Hash Tree, MHT), but this is assisted View requires cloud storage service provider CSP to the linear combination of auditing by third party person TPA transmission challenge data block, if third party Audit person TPA repeats selection identical challenges data block intentionally and obtains different linear combination values, is accumulating a certain amount of audit letter In the case where breath, exist the risk of the data content person TPA that is leaked to auditing by third party.For this point, document Wang C, Wang Q,Ren K,et al.Privacy-Preserving Public Auditing for Data Storage Security in Cloud Computing[C].2010 Proceedings IEEE INFOCOM,IEEE,San Diego, CA, USA, 2010. are by the way that by homomorphism authenticator and random mask technology, in conjunction with come the protection of realizing data-privacy, which can be with Ensuring auditing by third party, person TPA cannot obtain any actual content that user is stored in the cloud data.But both schemes exist The very high traffic can be all generated in update and verification process and calculates cost.Document Zhu Y, Wang H, Hu Z, et al.Dynamic audit services for integrity verification of outsourced storages in clouds[C].Acm Symposium on Applied Computing,ACM,TaiChung,Taiwan,pp.1550- 1557,2011. propose the dynamic public audit scheme based on index Hash table (Index Hash Table, IHT), and by rope Draw Hash table to be stored at trusted third party audit person TPA, rather than in cloud storage service provider CSP.Therefore, and before Scheme is compared, and this method reduce calculate cost and communication overhead.But since index Hash table is sequential structure, wherein inserting Enter and the update operation deleted will lead in table most elements to change, and the change of block sequence number also leads to data block Label recalculates, this makes insertion and delete operation very inefficient.This scheme applies random mask technology also to ensure Data confidentiality and privacy.Document Yang K, Jia X.An Efficient and Secure Dynamic Auditing Protocol for Data Storage in Cloud Computing[J].IEEE Transactions on Parallel&Distributed Systems, 2013,24 (9): 1717-1726. is to the audit program based on index Hash table It improves, audit program is made to guarantee the confidentiality of data in the case where no random mask technology, but it is dynamic in scheme State operation or same index Hash table scheme equally will lead to recalculating for data block label, finally increase unnecessary communication And computing cost.Document Tian H, Chen Y, Chang C C, et al.Dynamic-Hash-Table Based Public Auditingfor Secure Cloud Storage[J].IEEE Transactions on Services Computing, 2017,10 (5): 701-714. is devised one kind and is disclosed based on the dynamic of dynamic Hash table (Dynamic Hash Table, DHT) Cloud is audited agreement, this agreement guarantees data confidentiality, and is updated in dynamic Hash table less in the time ratio IHT of operation. Shen Jian,Shen Jun,Chen X,et al.An Efficient Public Auditing Protocol With Novel Dynamic Structure for Cloud Data[J].IEEE Transactions on Information Forensics&Security, 2017,12 (10): 2402-2415. proposes a kind of public audit agreement, which constructs Double-strand information table (Doubly Linked Info Table, DLIT) and position battle array (Location Array, LA) form new Dynamic structure.Although the program optimizes the data structure for disclosing cloud audit agreement based on dynamic Hash table, without ensureing number According to the confidentiality of owner's data.
Summary of the invention
The open privacy concern for proving dynamic data safety and efficiency are always the concern heat of the open cloud audit of dynamic Point.The function that the dynamic of cloud storage public audit updates is effectively realized for greater safety, and the present invention has introduced dynamic accumulators This data authentication structure, and combine the dynamic Hash table of double-strand discloses and a kind of supports resisting for user's full dynamic parallel operation The open cloud auditing method of leaking data while realizing low communication expense, low computing cost, low storage overhead, also has more The function of newly verifying.The present invention realizes technical problem mentioned above by technical solution in detail below.Entire invention process It is related to tripartite's main body, cloud storage service provider CSP, data owner DO and auditing by third party person TPA.
Technical solution of the invention are as follows:
A kind of open cloud auditing method of anti-leakage, comprising the following steps:
1) it establishes
1.1) system parameter generates:
Cloud storage service provider CSP utilizes parameter generation algorithm ParamGen (1k)→(p,G,GT, g, e, H, N) and it generates System parameter cp simultaneously discloses system parameter generated, specifically:
System parameter cp=(p, G, GT, g, e, H, N), wherein Big prime p value is determined by security parameter k, G, GTIt is Rank is the multiplicative cyclic group of Big prime p, the generation member that g is multiplicative cyclic group G, e:G × G → GTIt is a bilinear map, H: {0,1}*→ G is the hash function of a cryptography safety, positive integer N < 2p
1.2) key generates:
Data owner DO utilizes key scheduleKey is generated, specifically Are as follows:
Select two random number α ← ZpWith random number γ ← Zp
U ← g is calculatedα, and then obtain private key sk=(alpha, gamma) and public key
Data owner's DO initialization value
Calculate open parameter
Open parameter pub;
2) it stores
2.1) storage prepares:
2.1.1) file block:
Data owner DO utilizes block algorithm FileSplit (F, n) → (d1,d2,…,dn) piecemeal is carried out to file F, Specifically:
File F is divided for n block { d1,d2,…,dn, wherein di∈ZpAnd di≤ N, i=1,2 ..., n, file F are expressed as F ={ d1,d2,…,dn, corresponding data block indexed set is combined into { 1,2 ..., n };
2.1.2) data block version information initializes:
Data owner DO creates all data blocks using data version information initialization algorithm VIGen (F) → (VI) Version information, specifically:
Version information the VI={ (v of data blocki,ti) | i=1,2 ..., n }, wherein viAnd tiRespectively indicate data block di's Version information and timestamp when establishing version information;
2.1.3 data block accumulated value) is generated:
Data owner DO utilizes accumulated value generating algorithm AccGen (F, pub) → accFCalculate the cumulative of all data blocks Value, specifically:
Calculate accumulated value
2.1.4 data block signature) is generated:
Data owner DO calculates all data blocks pair using signature generating algorithm SigGen (F, VI, sk, pub) → (Φ) The signature answered, specifically:
Calculate the signature
It enablesIndicate the corresponding signature set of all data blocks;
2.2) distribute:
Data owner DO is by file F={ d1,d2,…,dnAnd signature setIt is sent to cloud Storage service provider CSP, cloud storage service provider CSP correspond to sequential storage file F's and signature set Φ by data block Content;Data owner DO is by version information the VI={ (v of data block simultaneouslyi,ti) | i=1,2 ..., n } and accumulated valueVersion information is added to double-strand by the person TPA that is sent to auditing by third party, auditing by third party person TPA It is stored in dynamic Hash table, and the accumulated value acc of storing data blockF;Determine cloud storage service provider CSP and auditing by third party After person TPA is stored successfully, data owner DO retains acc from middle deletion { F, Φ, VI } is locally storedF
2.3) data block label is generated:
Cloud storage service provider CSP is generated each using data block label generating algorithm TagGen (F, pub) → (Ω) Data block diCorresponding labelWherein i=1,2 ..., n, specifically:
Calculate label
It enablesIndicate the corresponding tag set of all data blocks;
Cloud storage service provider CSP stores tag set Ω;
3) it audits
3.1) challenge request is generated:
Auditing by third party person TPA generates audit challenge using challenge request algorithm ChalGen (n, c) → chal, specifically:
Random picking in set { 1,2 ..., n } is indexed from the data block of file F and goes out c index, is denoted as chal={ s1, s2,…,sc}c≤n, cloud storage service provider CSP is sent to as challenge solicited message;
Here the audit phase of the invention person TPA that do not need auditing by third party is illustrated to carry out all data blocks The reason of integrity verification.Wherein verify data block number dependent on corrupt data ratio and verifying conclusion credible journey Degree.If the blocks of files total amount of data owner is very big, block is chosen and selection next time has been had little effect, while error number It is relatively low according to block ratio.If ρ is error data block ratio, p is that auditing by third party person detects cloud storage service provider CSP The probability of corrupt data, c are the quantity for needing the data block verified.So, relationship p=1- (1- ρ) is met between threec, no 1 is shown in Table with the data number of blocks for needing to verify under error ratio and different detection probabilities.When data block error rate is 1%, the Tripartite audit person only needs to audit 460 data blocks (regular auditing data block number), can be found with high probability 99% wrong Data block, this audit calculate cost and communication cost to substantially reduce, and reach received by data owner it is practical It is horizontal.It illustrates, in each inquiry, the selection of c data block is random.
The verify data block number of table 1 different error rates and verification and measurement ratio
3.2) evidence generates:
Cloud storage service provider CSP utilizes evidence generating algorithm ProofGen (F, Φ, Ω, chal, pub) → P, generates Integrality evidence P, specifically:
Cloud storage service provider CSP is as certifier, according to the file and its corresponding label being stored on its server Name set and tag set { F, Φ, Ω } and the challenge information chal={ s received1,s2,…,sc}c≤n, generate integrality card According to P=(ω, σ, τ), wherein
Then by integrality evidence P=(ω, σ, τ) as the integrity certification of the storing data person that is sent to auditing by third party TPA;
Need exist for the reason of further illustrating anti-leaking data of the invention.As shown in formula (1) and (2), each data Block di, djNumerical value generate member g index location on.Difficulty is solved it is assumed that third by discrete logarithm in Current Password Square audit person is the information that can not obtain data block by the value of ω and τ at all.And it is wrapped in the audit certification of most technologies at present Linear combination containing c challenge data block, this will lead to auditing by third party, and person TPA is repeating the accumulation c fixed number for challenging block After the evidence of amount, data block contents can be easily obtained by solving system of linear equations, to there is the wind of leak data block content Danger.In order to solve this problem, most of auditing methods pack challenge data block using random mask technology, to prevent third party Audit person TPA obtains the privacy of data, but this will increase additional computing cost and communication overhead.However, what the present invention used Method has cleverly evaded the risk, and this method itself has the good of the confidentiality and privacy for protecting outsourcing cloud storage data Property reaches the function of anti-leaking data.
3.3) proof validation:
Auditing by third party person TPA is carried out using verification algorithm ProofCheck (P, chal, VI, pk) → { TRUE/FALSE } Verifying, specifically:
Auditing by third party person TPA is corresponding to all data blocks of challenge according to the information VI in double-strand dynamic Hash table Version information calculates cryptographic Hash { H (vi||ti)|i∈chal};
Equation one is examined to verify the legitimacy of τ:
Examine equation one
If examining equation one invalid, auditing by third party person TPA exports FALSE, indicates authentication failed;Otherwise, third Whether square audit person TPA examines equation two true again:
Examine equation two
If equation two is examined to set up, auditing by third party person TPA exports TRUE, indicates to be proved to be successful, and integrity verification is logical It crosses;Otherwise FALSE is exported, indicates authentication failed.
A kind of anti-leakage that supporting user's full dynamic parallel operation discloses cloud auditing method, comprising the following steps:
1) it establishes
1.1) system parameter generates:
Cloud storage service provider CSP utilizes parameter generation algorithm ParamGen (1k)→(p,G,GT, g, e, H, N) and it generates System parameter cp simultaneously discloses system parameter generated, specifically:
System parameter cp=(p, G, GT, g, e, H, N), wherein Big prime p value is determined by security parameter k, G, GTIt is Rank is the multiplicative cyclic group of Big prime p, the generation member that g is multiplicative cyclic group G, e:G × G → GTIt is a bilinear map, H: {0,1}*→ G is the hash function of a cryptography safety, positive integer N < 2p
1.2) key generates:
Data owner DO utilizes key scheduleKey is generated, specifically Are as follows:
Select two random number α ← ZpWith random number γ ← Zp
U ← g is calculatedα, and then obtain private key sk=(alpha, gamma) and public key
Data owner's DO initialization value
Calculate open parameter
Open parameter pub;
2) it stores
2.1) storage prepares:
2.1.1) file block:
Data owner DO utilizes block algorithm FileSplit (F, n) → (d1,d2,…,dn) piecemeal is carried out to file F, Specifically:
File F is divided for n block { d1,d2,…,dn, wherein di∈ZpAnd di≤ N, i=1,2 ..., n, file F are expressed as F ={ d1,d2,…,dn, corresponding data block indexed set is combined into { 1,2 ..., n };
2.1.2) data block version information initializes:
Data owner DO creates all data blocks using data version information initialization algorithm VIGen (F) → (VI) Version information, specifically:
Version information the VI={ (v of data blocki,ti) | i=1,2 ..., n }, wherein viAnd tiRespectively indicate data block di's Version information and timestamp when establishing version information;
2.1.3 data block accumulated value) is generated:
Data owner DO utilizes accumulated value generating algorithm AccGen (F, pub) → accFCalculate the cumulative of all data blocks Value, specifically:
Calculate accumulated value
2.1.4 data block signature) is generated:
Data owner DO calculates all data blocks pair using signature generating algorithm SigGen (F, VI, sk, pub) → (Φ) The signature answered, specifically:
Calculate the signature
It enablesIndicate the corresponding signature set of all data blocks;
2.2) distribute:
Data owner DO is by file F={ d1,d2,…,dnAnd signature setIt is sent to cloud Storage service provider CSP, cloud storage service provider CSP correspond to sequential storage file F's and signature set Φ by data block Content;Data owner DO is by version information the VI={ (v of data block simultaneouslyi,ti) | i=1,2 ..., n } and accumulated valueVersion information is added to double-strand by the person TPA that is sent to auditing by third party, auditing by third party person TPA It is stored in dynamic Hash table, and the accumulated value acc of storing data blockF;Determine cloud storage service provider CSP and auditing by third party After person TPA is stored successfully, data owner DO retains acc from middle deletion { F, Φ, VI } is locally storedF
2.3) data block label is generated:
Cloud storage service provider CSP is generated each using data block label generating algorithm TagGen (F, pub) → (Ω) Data block diCorresponding labelWherein i=1,2 ..., n, specifically:
Calculate label
It enablesIndicate the corresponding tag set of all data blocks;
Cloud storage service provider CSP stores tag set Ω;
3) dynamic updates: carrying out dynamic operation and updating related data to stored file F, obtains new file F' and right Related data after the update answered;
4) dynamic updates verifying: whether verifying cloud storage service provider CSP correctly performs the operation of data update.
Further, it is insertion data block that step 3) dynamic, which updates operation, specifically:
3.a1) insertion prepares:
3.a1.1) data owner DO determines the insertion data block in insertion file FNew file Formalization representation is F'=F ∪ D*;Data owner DO determines insertion position index set X and each position in file F It will be inserted into set Y composed by the quantity of data block later, wherein X is the subset X of the index set { 1,2 ..., n } of file F ={ i1,i2,…,ix, 1≤x≤m,It indicates that data block will be inserted into after each position in X Quantity, whereinAndIt specifically describes are as follows: in file F i-th1It is inserted into after blockA data block, i-th2It is inserted into after blockA data block ..., i-thxBlock after be inserted intoA data block;
3.a1.2) insertion data block D*Version information initialization:
Data owner DO utilizes data version information initialization algorithm VIGen (D*)→(VI*) all insertion data of creation The corresponding version information of blockWhereinWithRespectively indicate insertion data blockVersion letter Timestamp when ceasing and establishing version information;
3.a1.3) more new data block accumulated value:
Data owner DO utilizes insertion data block D*Be stored in local original accumulated value accFIt calculates and updates accumulated value
3.a1.4) generate insertion data block signature:
Data owner DO utilizes signature generating algorithm SigGen (D*,VI*,sk,pub)→(Φ*) calculate all insert numbers According to the corresponding signature of block, signatureIt enablesIt indicates The corresponding signature set of all insertion data blocks;
3.a2) insertion request:
Data owner DO sends insertion request message U to cloud storage service provider CSPCSP=(insert, X, Y, D*, Φ*), and another insertion request message U is sent to auditing by third party person TPATPA=(insert, X, Y, VI*,accF'), wherein Insert indicates insertion operation request;
3.a3) insertion updates:
3.a3.1) update double-strand dynamic Hash table and accumulated value:
Auditing by third party person TPA receives insertion request message UTPA=(insert, X, Y, VI*,accF') after, it will be inserted into The version information VI of data block*Opsition dependent, which is added in the dynamic Hash table of double-strand, to be stored, double-strand dynamic Hash after being updated Table, enabling the new data block version information of storage is VI'=VI ∪ VI*;And with update accumulated value accF'Replace original accumulated value accF
3.a3.2) update file set:
Receiving request UCSP=(insert, X, Y, D**) after, cloud storage service provider CSP according to insertion require and Data block order willInsertion storage is carried out, i.e., in file F i-th1It is inserted into after blockA data block, i2It is inserted into after blockA data block ..., i-thxBlock after be inserted intoA data block, wherein the data block being inserted into according toSequence, and export new file F'=F ∪ D*
3.a3.3) update tag set:
Cloud storage service provider CSP updates the label of all data blocks and storage in original F, benefit using formula (3) Label and the storage of all new insertion data blocks are calculated with formula (4):
It enablesIndicate that all data blocks for updating file F' are corresponding Tag set;
3.3a.4) update signature set:
Cloud storage service provider CSP will be inserted into the corresponding signature of data blockBy insertion requirement It is added in signature set, enables new signature set Φ '=Φ ∪ Φ*
Further, it is to delete data block that step 3) dynamic, which updates operation, specifically:
It 3.b1) deletes and prepares:
Data owner DO determines the data block location index set X deleted from file F, and wherein X is the position of file F The subset of index set { 1,2 ..., n }, X={ i1,i2,…,im, m≤n is specifically described are as follows: will delete the i-th of file F1Block Data block, i-th2Block data block ..., i-thmBlock data block;
3.b2) removal request:
Data owner DO sends deletion request message U to cloud storage service provider CSPCSP=(delete, X), and to Auditing by third party person TPA sends another deletion request messageWherein delete indicates that delete operation is asked It asks;
It 3.b3) returns and deletes data block:
Deletion set of data blocks is enabled to be combined intoCloud storage service provider CSP is receiving removal request Message UCSPAfter=(delete, X), is returned to data owner DO and delete data block setI.e. I-th1Block data blockI-th2Block data block..., i-thmBlock data blockNew document form be expressed as F'=F D#
It 3.b4) deletes and updates
3.b4.1) more new data block accumulated value:
The deletion data block set that data owner DO utilizes cloud storage service provider CSP to returnBe stored in local original accumulated value accFIt calculates and updates accumulated valueAnd send secondary deletion request messageGive auditing by third party person TPA;
3.b4.2) update double-strand dynamic Hash table and accumulated value:
Auditing by third party person TPA receives deletion request messageWith secondary deletion request messageLater, by corresponding position X={ i1,i2,…,imVersion information deleted from double-strand dynamic Hash table It removes, obtains updated double-strand dynamic Hash table, wherein enabling the new data block version information of storage beAnd with update accumulated value accF'Replace original accumulated value accF
3.b4.3) update tag set:
Receiving deletion request message UCSPAfter=(delete, X), cloud storage service provider CSP utilizes deleted data BlockThe label of all data blocks and storage in new file F' are updated using formula (5):
Enable the new tag set of all data blocks in new file F'
3.b4.4) update file set:
Cloud storage service provider CSP deletes corresponding position X={ i in file F1,i2,…,imData blockNew file F'=F D#
3.b4.5) update signature set:
Cloud storage service provider CSP deletes the signature of corresponding position, obtains signature set newly
Further, it is modification data block that step 3) dynamic, which updates operation, specifically:
3.c1) modification prepares:
3.c1.1) data owner DO determines the location index set X in file F by modification data block, and wherein X is file Subset X={ i of the location index set { 1,2 ..., n } of F1,i2,…,im, m≤n;Data owner DO determines these simultaneously The modified data block set in positionIt specifically describes are as follows: the i-th of modification file F1Block data block isI-th2Block data block is..., i-thmBlock data block is
Data block D after 3.c1.2) modifying*Version information initialization: data owner DO utilize data version information at the beginning of Beginningization algorithm VIGen (D*)→(VI*) create the corresponding version information of data block after all modificationsWhereinWithRespectively indicate data block after modifyingVersion information and establish version Timestamp when information;
3.c1.3) generate modification data block signature:
Data owner DO utilizes signature generating algorithm SigGen (D*,VI*,sk,pub)→(Φ*) calculate all modifications after The corresponding signature of data block, signatureIt enables The corresponding signature set of data block after expression all modifications;
3.c2) modification request:
Data owner DO sends modification request message U to cloud storage service provider CSPCSP=(modify, X, D*, Φ*), and another modification request message is sent to auditing by third party person TPAWherein modify Indicate modification operation requests;
3.c3) return to data block before modifying:
Cloud storage service provider CSP is receiving modification request message UCSP=(modify, X, D**) after, to data The data block of owner DO return corresponding position, i.e., i-th1Block data blockI-th2Block data block..., i-thmBlock data blockSet of data blocks before enabling modification is combined intoThat is cloud storage service provider CSP is to data owner DO is returnedNew document form be expressed as F'=(F D^)∪D*
3.c4) modification updates
3.c4.1) more new data block accumulated value:
Data owner DO is according to data block set before modifyingData block after modificationAnd it is stored in local original accumulated value accFIt calculates and updates accumulated valueAnd send secondary modification request messageTo auditing by third party Person TPA;
3.c4.2) update double-strand dynamic Hash table and accumulated value:
Auditing by third party person TPA receives modification request messageWith secondary modification request messageLater, by corresponding position X={ i in double-strand dynamic Hash table1,i2,…,imVersion information useReplacement, obtains updated double-strand dynamic Hash table, enables modified data block set Corresponding version information isAnd with update accumulated value accF'It replaces original cumulative Value accF
3.c4.3) update tag set:
Receiving modification request message UCSP=(modify, X, D**) after, cloud storage service provider CSP is according to modification Preceding data block setWith data block set after modificationUsing formula (6) It updates all data block labels that do not modified in new file F' and stores, formula (7) is recycled to calculate modified data block Label and storage:
All data block tag sets for enabling new file F' are
3.c4.4) update file set:
Position in file F is X={ i by cloud storage service provider CSP1,i2,…,imData blockIt is revised asNew file F'=(F D^)∪D*
3.c4.5) update signature set:
Cloud storage service provider CSP is usedThe signature for replacing corresponding position data block, obtains newly Signature set
Further, whether step 4) verifying cloud storage service provider CSP correctly performs the operation of data update, tool Body includes:
4.1) challenge request is generated:
Enable the data block total block data of new file F' for M, auditing by third party person TPA utilization challenge request algorithm ChalGen (M, C) → chal indexes random picking in set { 1,2 ..., M } from the data block of file F' and goes out c index, is denoted as chal={ s1, s2,…,sc}c≤M, cloud storage service provider CSP is sent to as challenge solicited message, wherein this c challenge index is random It generates, can not include the data block once challenged;
4.2) evidence generates:
Cloud storage service provider CSP using evidence generating algorithm ProofGen (F', Φ ', Ω ', chal, pub) → P, Audit evidence P is generated, specifically:
Cloud storage service provider CSP is as certifier, according to the file F' that is stored on its server and its corresponding Challenge information chal={ the s for updating signature set and tag set { F', Φ ', Ω ' } and receiving1,s2,…,sc}c≤M, generate It updates experimental evidence P=(ω, σ, τ), wherein
Then evidence P=(ω, σ, τ) is executed as dynamic operation proves the person TPA that is sent to auditing by third party;
4.3) proof validation:
Auditing by third party person TPA using verification algorithm ProofCheck (P, chal, VI', pk) → { TRUE/FALSE } into Row verifying, specifically:
Auditing by third party person TPA is using the information VI' in double-strand dynamic Hash table after updating to all data blocks of challenge Corresponding version information calculates cryptographic Hash { H (vi||ti)|i∈chal};
Equation one is examined to verify the legitimacy of τ:
Examine equation one
If examining equation one invalid, auditing by third party person TPA exports FALSE, indicates authentication failed;Otherwise, third Whether square audit person TPA examines equation two true again:
Examine equation two
If equation two is examined to set up, auditing by third party person TPA exports TRUE, indicates to be proved to be successful, cloud storage service mentions Dynamic is performed as required for quotient CSP updates operation;Otherwise FALSE is exported, indicates cloud storage service provider CSP not as required It executes dynamic and updates operation.
Beneficial effect possessed by the present invention
1, public audit.The present invention supports trusted third party to audit, and can provide reliable auditing result.
2, anti-leakage.Audit phase of the invention does not need auditing by third party, and person TPA has carried out all data blocks Integrity verification, but use the integrality and correctness of the entire file of probabilistic policy validation, i.e., small part number is selected at random It throws down the gauntlet inquiry according to block, this will greatly reduce the computing cost and communication overhead of audit.Particularly, it is different from tradition based on same The certification of state signature, the present invention have evaded leakage challenge number using this novel data authentication clever structure of dynamic accumulators According to the risk of block privacy.This method inherently has the confidentiality of protection outsourcing cloud storage data and the good nature of privacy, Reach the function of anti-leaking data.
3, dynamic updates.The present invention provides the full dynamic more new function to the insertion of cloud Audit data block, deletion and modification, and Support multiple data block parallel work-flows.Meanwhile after dynamic update occurs, auditing by third party person TPA executes primary " challenge-sound Answer " process can check cloud service provider CSP whether by the requirement of data owner DO correctly perform data update behaviour Make.
4, function admirable.The present invention is by experiment simulation and analysis, it can be seen that the method for the present invention property compared with prior art Can be more excellent, realize low communication expense, low computing cost, low storage overhead.
Detailed description of the invention
Fig. 1 is system model figure of the invention;
Fig. 2 is the double-strand dynamic Hash table schematic diagram of TPA storage in the present invention;
Fig. 3 is that TPA is inserted into data block schematic diagram in double-strand dynamic Hash table in the present invention;
Fig. 4 is that TPA deletes data block schematic diagram in double-strand dynamic Hash table in the present invention;
Fig. 5 is that TPA modifies data block schematic diagram in double-strand dynamic Hash table in the present invention;
Fig. 6 is the method for the present invention figure compared with the prior art is in the traffic that memory phase generates;
Fig. 7 is the method for the present invention figure compared with the prior art is in the traffic that audit phase generates;
Figure compared with Fig. 8 is the calculating cost of the method for the present invention and the prior art needed for memory phase;
Fig. 9 is the method for the present invention figure compared with calculating cost when prior art CSP generates evidence;
Figure compared with Figure 10 is calculating cost of the method for the present invention when prior art TPA experimental evidence.
Specific embodiment
System model of the invention is made of three entities, i.e. cloud storage service provider CSP, data owner DO and Tripartite audit person TPA, as shown in Figure 1.Specific embodiment of the invention is further described with reference to the accompanying drawing.
Embodiment 1: file storage and audit
1) it establishes
1.1) system parameter generates:
Cloud storage service provider CSP utilizes parameter generation algorithm ParamGen (1k)→(p,G,GT, g, e, H, N) and it generates System parameter cp simultaneously discloses system parameter generated, specifically:
Cloud storage service provider CSP selects a suitable prime generation algorithm first, and is generated according to security parameter k Big prime p, so that the binary bits length of prime number p is more than or equal to k;
Secondly, randomly choosing the multiplicative cyclic group G and G of two p ranks under PBC password lab environmentT, and selected multiplication loop The generation member g of group G, stipulated that a bilinear map e:G × G → GT
Then, the hash function H that an anti-strong collision is selected using Cryptopp cryptographic libraries, such as MD5 algorithm or SHA1 Algorithm is inputted the binary string of random length as function, and is exported as any one value in multiplicative cyclic group, formalization It is expressed as H:{ 0,1 }*→ G, wherein the anti-strong collision expression can not find in the hash function domain logarithm m ≠ M' makes H (m)=H (m');
Finally, the positive integer N < 2 determined according to open parameter pp, specifically, select Integer N=20.
To sum up, cloud storage service provider CSP discloses system parameter cp=(p, G, GT,g,e,H,20)。
1.2) key generates:
Data owner DO utilizes key scheduleKey is generated, specifically Are as follows:
Select two random number α ← ZpWith random number γ ← Zp
U ← g is calculatedα
It obtains private key sk=(alpha, gamma), and public keyFor
Data owner's DO initialization value
Calculate open parameter
Open parameter pub;
2) it stores
2.1) storage prepares:
2.1.1) file block:
Data owner DO utilizes block algorithm FileSplit (F, n) → (d1,d2,…,dn) piecemeal is carried out to file F, Specifically:
It is 10 pieces of { d by file F points1,d2,…,d10, and the specific decimal value of each data block is as shown in table 1, i.e. F ={ 2,3,6,13,5,4,8,11,15,7 }, wherein di∈ZpAnd wherein di∈ZpAnd di≤ 20, i=1,2 ..., 10, corresponding data Block indexed set is combined into { 1,2 ..., 10 };
The decimal value of 10 file blocks in 1 specific example of table
2.1.2) data block version information initializes:
Data owner DO creates all data blocks using data version information initialization algorithm VIGen (F) → (VI) Version information, specifically:
Version information the VI={ (v of data blocki,ti) | i=1,2 ..., 10 }, wherein viAnd tiRespectively indicate data block di's Version information and timestamp when establishing version information;
2.1.3 data block accumulated value) is generated:
Data owner DO utilizes accumulated value generating algorithm AccGen (F, pub) → accFCalculate the cumulative of all data blocks Value, specifically:
For storage file F={ d1,d2,…,d10, data owner DO calculates its accumulated value according to pubSpecifically such as formula (1):
2.1.4 data block signature) is generated:
Data owner DO calculates all data blocks pair using signature generating algorithm SigGen (F, VI, sk, pub) → (Φ) The signature answered, specifically:
Calculate the signature
It enablesIndicate the corresponding signature set of all data blocks;
2.2) distribute:
Data owner DO is by file F={ d1,d2,…,d10And signature setIt is sent to cloud Storage service provider CSP, cloud storage service provider CSP are corresponded to the content of sequential storage F and Φ by data block;Data simultaneously Owner DO is by version information the VI={ (v of data blocki,ti) | i=1,2 ..., 10 } and accumulated value accFThird party is sent to examine Version information is added in the dynamic Hash table of double-strand by meter person TPA, auditing by third party person TPA to be stored, as shown in Fig. 2, and depositing Store up the accumulated value acc of data blockF;After determining that cloud storage service provider CSP and auditing by third party person TPA are stored successfully, data Owner DO retains acc from middle deletion { F, Φ, VI } is locally storedF
2.3) generate data block label:
Cloud storage service provider CSP is generated each using data block label generating algorithm TagGen (F, pub) → (Ω) Data block diCorresponding labelWherein i=1,2 ..., 10, specifically:
Calculate labelSpecifically, data block d1LabelMeter It calculates as shown in formula (2), similarly, calculates the label of each data blockAs a result as shown in table 2 below;
It enablesIndicate the corresponding tag set of all data blocks;
Cloud storage service provider CSP stores tag set
The tag representation of 10 data blocks in 2 specific example of table
3) it audits
3.1) challenge request is generated:
Auditing by third party person TPA generates audit challenge using challenge request algorithm ChalGen (n, c) → chal, specifically:
Random picking in set { 1,2 ..., 10 }, which is indexed, from the data block of file F goes out 2 indexes, auditing by third party person TPA Challenge the 3rd piece of data block of inquiry and the 7th piece of data block check the integrality and correctness of entire file, be denoted as chal=3, 7 }, cloud storage service provider CSP is sent to as challenge solicited message;
3.2) evidence generates:
Cloud storage service provider CSP utilizes evidence generating algorithm ProofGen (F, Φ, Ω, chal, pub) → P, generates Integrality evidence P, specifically:
Cloud storage service provider CSP is as certifier, according to the file and its corresponding label being stored on its server Name set and tag set { F, Φ, Ω } and the challenge information chal={ 3,7 } received, generation integrality evidence P=(ω, σ,τ);Wherein
Then by integrality evidence P=(ω, σ, τ) as the integrity certification of the storing data person that is sent to auditing by third party TPA;
3.3) proof validation:
Auditing by third party person TPA is carried out using verification algorithm ProofCheck (P, chal, VI, pk) → { TRUE/FALSE } Verifying, specifically:
Auditing by third party person TPA is corresponding to all data blocks of challenge according to the information VI in double-strand dynamic Hash table Version information calculates cryptographic Hash { H (vi||ti) | i ∈ chal }, i.e. { H (v3||t3),H(v7||t7)};
Equation one is examined to verify the legitimacy of τ:
Examine equation one
If examining equation one invalid, auditing by third party person TPA exports FALSE, indicates authentication failed;Otherwise, third Whether square audit person TPA examines equation two true again:
Examine equation two
If equation two is examined to set up, auditing by third party person TPA exports TRUE, indicates to be proved to be successful, and integrity verification is logical It crosses;Otherwise FALSE is exported, indicates authentication failed.
Embodiment 2: dynamic update is carried out on the basis of original storage file and is verified: insertion data block
2.1) insertion prepares:
2.1.1) data owner DO determines the insertion data block d in insertion file F*=12, new document formization indicates For F'=F ∪ { d*}={ 2,3,6,13,12,5,4,8,11,15,7 }, remember D*={ d*}={ 12 };Data owner DO is determined Set composed by the quantity of data block will be inserted into after insertion position index set X={ 5 } and each position in file F Y={ 1 }, wherein X is the subset of the index set { 1,2 ..., 10 } of file F, and Y={ 1 } will after indicating each position in X It is inserted into the quantity of data block, this example specifically describes are as follows: 1 data block is inserted into after the 5th piece of data block of file F;
2.1.2) it is inserted into data block D*Version information initialization:
Data owner DO utilizes data version information initialization algorithm VIGen (D*)→(VI*) creation insertion data block pair The version information VI answered*={ (v*,t*), wherein v*And t*Respectively indicate insertion data block d*Version information and establish version letter Timestamp when breath;
2.1.3) more new data block accumulated value:
Data owner DO utilizes insertion data block D*Be stored in local original accumulated value accFIt calculates and updates accumulated value
2.1.4 insertion data block signature) is generated:
Data owner DO utilizes signature generating algorithm SigGen (D*,VI*,sk,pub)→(Φ*) calculate all insert numbers According to the corresponding signature of block, signatureIt enablesIndicate the corresponding signature collection of insertion data block It closes;
2.2) insertion request:
Data owner DO sends insertion request message U to cloud storage service provider CSPCSP=(insert, X, Y, D*, Φ*), i.e.,And another insertion request message U is sent to auditing by third party person TPATPA= (insert,X,Y,VI*,accF'), i.e. UTPA=(insert, 5,1, VI*,accF'), wherein insert indicates that insertion operation is asked It asks;
2.3) insertion updates:
2.3.1 double-strand dynamic Hash table and accumulated value) are updated:
Auditing by third party person TPA receives insertion request message UTPA=(insert, 5,1, VI*,accF') after, it will be inserted into The version information VI of data block*={ (v*,t*) opsition dependent is added in the dynamic Hash table of double-strand and stores, as shown in figure 3, Double-strand dynamic Hash table after to update, enabling the new data block version information of storage is VI'=VI ∪ VI*;And with update accumulated value accF'Replace original accumulated value accF
2.3.2 file set) is updated:
Receiving requestAfterwards, cloud storage service provider CSP according to insertion require and Data block order is by D*={ d*}={ 12 } carry out insertion storage, i.e., 1 data block is inserted into after the 5th piece of data block of file F d*=12, and export new file F'=F ∪ D*
2.3.3 tag set) is updated:
Cloud storage service provider CSP updates the label of all data blocks and storage in original F, tool using formula (3) Body, as formula (4) calculate the 1st data block d in original1New label, similarly, remainder data block update status such as table Shown in 3;Label and the storage of new insertion data block are calculated using formula (5):
It enablesIndicate the corresponding tag set of all data blocks of update file F';
The tag update of 10 data blocks indicates in original F in 3 specific example of table
2.3.4 signature set) is updated:
Cloud storage service provider CSP will be inserted into the corresponding signature of data blockIt is added to label by insertion requirement In name set, new signature set is enabled
2.4) insertion verifying: whether verifying cloud storage service provider CSP correctly performs the operation of data insertion
2.4.1 challenge request) is generated:
The data block total block data for enabling new file F' is M=11, and auditing by third party person TPA utilizes challenge request algorithm ChalGen (11, c) → chal indexes random picking in set { 1,2 ..., 11 } from the data block of file F' and goes out c index, remembers For chal={ s1,s2,…,sc}c≤11, cloud storage service provider CSP is sent to as challenge solicited message, wherein this c Challenge index is random to be generated, and can not include the data block once challenged;
2.4.2) evidence generates:
Cloud storage service provider CSP using evidence generating algorithm ProofGen (F', Φ ', Ω ', chal, pub) → P, Audit evidence P is generated, specifically:
Cloud storage service provider CSP is as certifier, according to the file F' that is stored on its server and its corresponding Challenge information chal={ the s for updating signature set and tag set { F', Φ ', Ω ' } and receiving1,s2,…,sc}c≤11, raw At update experimental evidence P=(ω, σ, τ), wherein
Then evidence P=(ω, σ, τ) is executed as dynamic insertion operation proves the person TPA that is sent to auditing by third party;
2.4.3) proof validation:
Auditing by third party person TPA using verification algorithm ProofCheck (P, chal, VI', pk) → { TRUE/FALSE } into Row verifying, specifically:
Auditing by third party person TPA is according to the information VI' after update in double-strand dynamic Hash table to all data blocks of challenge Corresponding version information calculates cryptographic Hash { H (vi||ti)|i∈chal};
Equation one is examined to verify the legitimacy of τ:
Examine equation one
If examining equation one invalid, auditing by third party person TPA exports FALSE, indicates authentication failed;Otherwise, third Whether square audit person TPA examines equation two true again:
Examine equation two
If equation two is examined to set up, auditing by third party person TPA exports TRUE, indicates to be proved to be successful, cloud storage service mentions Dynamic insertion is performed as required for quotient CSP updates operation;Otherwise FALSE is exported, indicates that cloud storage service provider CSP is not pressed It is required that executing dynamic insertion updates operation.
Embodiment 3: dynamic update is carried out on the basis of original storage file and is verified: deleting data block
3.1) it deletes and prepares:
Data owner DO determines data block location index set X={ 6 } deleted from file F, and wherein X is file F Location index set { 1,2 ..., n } subset, specifically describe are as follows: will delete file F the 6th piece of data block;
3.2) removal request:
Data owner DO sends deletion request message U to cloud storage service provider CSPCSP=(delete, X), i.e., UCSP=(delete, 6), and another deletion request message is sent to auditing by third party person TPAI.e.Wherein delete indicates delete operation request;
3.3) it returns and deletes data block:
Deletion set of data blocks is enabled to be combined into D#={ d6}={ 4 }, cloud storage service provider CSP is receiving deletion request message UCSPAfter=(delete, 6), is returned to data owner DO and delete data block set D#={ d6}={ 4 }, i.e. the 6th block number evidence Block d6=4;New document form be expressed as F'=F { d6}={ 2,3,6,13,5,8,11,15,7 };
3.4) it deletes and updates:
3.4.1) more new data block accumulated value:
The deletion data block set D that data owner DO utilizes cloud storage service provider CSP to return#={ d6}={ 4 } and It is stored in local original accumulated value accFIt calculates and updates accumulated valueAnd send secondary deletion request messageGive auditing by third party person TPA;
3.4.2 double-strand dynamic Hash table and accumulated value) are updated:
Auditing by third party person TPA receives deletion request messageWith secondary deletion request messageLater, the 6th piece of corresponding position of version information is deleted from double-strand dynamic Hash table, is obtained more Double-strand dynamic Hash table after new, as shown in figure 4, wherein enable the new data block version information of storage be VI'=VI { (v6, t6)};And with update accumulated value accF'Replace original accumulated value accF
3.4.3 tag set) is updated:
Receiving deletion request message UCSPAfter=(delete, 6), cloud storage service provider CSP utilizes deleted data Block D#={ d6}={ 4 }, the label of all data blocks and storage in new file F' are updated using formula (6), specifically, such as formula (7) first data block d in new file is calculated1New label, similarly, remainder data block update status is as shown in table 4:
Enable the new tag set of all data blocks in new file F'
The tag update of 9 data blocks indicates in new file in 4 specific example of table
3.4.4 file set) is updated:
Cloud storage service provider CSP deletes the data block D of corresponding position X={ 6 } in file F#={ d6}={ 4 }, it obtains newly File F'=F D#
3.4.5 signature set) is updated:
Cloud storage service provider CSP deletes the signature of corresponding position, obtains signature set newly
3.5) delete verifying: whether verifying cloud storage service provider CSP correctly performs the operation of data deletion
3.5.1 challenge request) is generated:
The data block total block data for enabling new file F' is M=9, and auditing by third party person TPA utilizes challenge request algorithm ChalGen (9, c) → chal indexes random picking in set { 1,2 ..., 9 } from the data block of file F' and goes out c index, is denoted as chal= {s1,s2,…,sc}c≤9, be sent to cloud storage service provider CSP as challenge solicited message, wherein this c challenge index with Machine generates, and can not include the data block once challenged;
3.5.2) evidence generates:
Cloud storage service provider CSP using evidence generating algorithm ProofGen (F', Φ ', Ω ', chal, pub) → P, Audit evidence P is generated, specifically:
Cloud storage service provider CSP is as certifier, according to the file F' that is stored on its server and its corresponding Challenge information chal={ the s for updating signature set and tag set { F', Φ ', Ω ' } and receiving1,s2,…,sc}c≤11, raw At update experimental evidence P=(ω, σ, τ), wherein
Then evidence P=(ω, σ, τ) is executed as dynamic delete operation proves the person TPA that is sent to auditing by third party;
3.5.3) proof validation:
Auditing by third party person TPA using verification algorithm ProofCheck (P, chal, VI', pk) → { TRUE/FALSE } into Row verifying, specifically:
Auditing by third party person TPA is according to the information VI' after update in double-strand dynamic Hash table to all data blocks of challenge Corresponding version information calculates cryptographic Hash { H (vi||ti)|i∈chal};
Equation one is examined to verify the legitimacy of τ:
Examine equation one
If examining equation one invalid, auditing by third party person TPA exports FALSE, indicates authentication failed;Otherwise, third Whether square audit person TPA examines equation two true again:
Examine equation two
If equation two is examined to set up, auditing by third party person TPA exports TRUE, indicates to be proved to be successful, cloud storage service mentions Dynamic is performed as required and is deleted for quotient CSP updates operation;Otherwise FALSE is exported, indicates that cloud storage service provider CSP is not pressed Operation is updated it is required that executing dynamic and deleting.
Embodiment 4: dynamic update is carried out on the basis of original storage file and is verified: modification data block
4.1) modification prepares:
4.1.1) data owner DO determines the location index set X={ 8 } in file F by modification data block, and wherein X is The subset of the location index set { 1,2 ..., 10 } of file F;Data owner DO determines the modified data in these positions simultaneously Set of blocksSpecifically describe are as follows: modification file F the 8th piece of data block be
4.1.2 data block D after) modifying*Version information initialization:
Data owner DO utilizes data version information initialization algorithm VIGen (D*)→(VI*) create number after all modifications According to the corresponding version information of blockWhereinWithRespectively indicate data block after modifyingVersion information and build Timestamp when vertical version information;
4.1.3 modification data block signature) is generated:
Data owner DO utilizes signature generating algorithm SigGen (D*,VI*,sk,pub)→(Φ*) calculate all modifications after The corresponding signature of data block, signatureIt enablesIndicate the corresponding label of data block after modifying Name set;
4.2) modification request:
Data owner DO sends modification request message U to cloud storage service provider CSPCSP=(modify, X, D*, Φ*), i.e. UCSP=(modify, 8, D**), and another modification request message is sent to auditing by third party person TPAI.e.Wherein modify indicates modification operation requests;
4.3) data block before modifying is returned:
Cloud storage service provider CSP is receiving modification request message UCSP=(modify, 8, D**) after, to data Owner DO returns the data block of corresponding position, i.e. the 8th piece of data block d8=11, the set of data blocks before enabling modification is combined into D^= {d8}={ 11 }, i.e. cloud storage service provider CSP returns D to data owner DO^={ d8}={ 11 }, new document form It is expressed as
4.4) modification updates
4.4.1) more new data block accumulated value:
Data owner DO is according to data block set D before modifying^={ d8}={ 11 }, modification after data blockAnd it is stored in local original accumulated value accFIt calculates and updates accumulated valueAnd Send secondary modification request messageGive auditing by third party person TPA;
4.4.2 double-strand dynamic Hash table and accumulated value) are updated:
Auditing by third party person TPA receives modification request messageWith secondary modification request messageLater, the 8th piece of corresponding position X={ 8 } in double-strand dynamic Hash table of version information is usedReplacement, obtains updated double-strand dynamic Hash table, as shown in figure 5, enabling modified data block set pair The version information answered be VI'=VI { (v8,t8)}∪VI*, and with update accumulated value accF'Replace original accumulated value accF
4.4.3 tag set) is updated:
Receiving modification request message UCSP=(modify, 8, D**) after, cloud storage service provider CSP is according to modification Preceding data block set D^={ d8}={ 11 } and modification after data block setNew text is updated using formula (8) All pieces of labels not being modified in part simultaneously store, specifically, such as the 1st data block d in formula (9) calculation document1It is new Label, similarly, remainder data block update status are as shown in table 5;And utilize data block after formula (10) calculating all modifications Label simultaneously stores:
All data block tag sets for enabling new file F' are
The 9 data block tag updates that do not modified in new file in 5 specific example of table indicate
4.4.4 file set) is updated:
Position in file F is the data block D of X={ 8 } by cloud storage service provider CSP^={ d8}={ 11 } it is revised asObtain new file
4.4.5 signature set) is updated:
Cloud storage service provider CSP is usedThe signature for replacing corresponding position data block, obtains signature set newly
4.5) modification verifying: whether verifying cloud storage service provider CSP correctly performs the operation of data modification
4.5.1 challenge request) is generated:
The data block total block data for enabling new file F' is M=10, and auditing by third party person TPA utilizes challenge request algorithm ChalGen (10, c) → chal indexes random picking in set { 1,2 ..., 10 } from the data block of file F' and goes out c index, remembers For chal={ s1,s2,…,sc}c≤10, cloud storage service provider CSP is sent to as challenge solicited message, wherein this c Challenge index is random to be generated, and can not include the data block once challenged;
4.5.2) evidence generates:
Cloud storage service provider CSP using evidence generating algorithm ProofGen (F', Φ ', Ω ', chal, pub) → P, Audit evidence P is generated, specifically:
Cloud storage service provider CSP is as certifier, according to the file F' that is stored on its server and its corresponding Challenge information chal={ the s for updating signature set and tag set { F', Φ ', Ω ' } and receiving1,s2,…,sc}c≤11, raw At update experimental evidence P=(ω, σ, τ), wherein
Then evidence P=(ω, σ, τ) is executed as dynamic modification operation proves the person TPA that is sent to auditing by third party;
4.5.3) proof validation:
Auditing by third party person TPA using verification algorithm ProofCheck (P, chal, VI', pk) → { TRUE/FALSE } into Row verifying, specifically:
Auditing by third party person TPA is according to the information VI' after update in double-strand dynamic Hash table to all data blocks of challenge Corresponding version information calculates cryptographic Hash { H (vi||ti)|i∈chal};
Equation one is examined to verify the legitimacy of τ:
Examine equation one
If examining equation one invalid, auditing by third party person TPA exports FALSE, indicates authentication failed;Otherwise, third Whether square audit person TPA examines equation two true again:
Examine equation two
If equation two is examined to set up, auditing by third party person TPA exports TRUE, indicates to be proved to be successful, cloud storage service mentions Dynamic modification is performed as required for quotient CSP updates operation;Otherwise FALSE is exported, indicates that cloud storage service provider CSP is not pressed It is required that executing dynamic modification updates operation.
For the essential core step of properer simulation the method for the present invention, therefore the bigger experiment mould of numerical value is carried out It is quasi-.By experiment simulation and analysis based on the library PBC platform, it can be seen that performance is more excellent compared with prior art for the method for the present invention It is good, realize low communication expense, low computing cost, low storage overhead.Specific comparing result is as illustrated in figures 6-10.
Wherein Fig. 6 is the method for the present invention figure compared with prior art traffic caused by memory phase, can from Fig. 6 To find out that the traffic of the invention caused by memory phase is relatively low;Fig. 7 is the method for the present invention and the prior art in audit rank The traffic caused by section compares figure, is not difficult to find out the method for the present invention traffic caused by audit phase very from Fig. 7 It is low, compared to for other technologies this be a very big advantage;Fig. 8 is the method for the present invention and the prior art needed for memory phase Calculating cost compare figure, as can be seen from Figure 8 calculating cost of the method for the present invention needed for memory phase is minimum, this for It is very important an advantage for the limited data owner DO of computing resource, this will be more suitable for the limited use of resource Family;Fig. 9 is the method for the present invention figure compared with the calculating cost when prior art is in cloud service provider CSP generation evidence, from Fig. 9 In it is not difficult to find out that the method for the present invention in cloud service provider CSP generate evidence calculating cost it is minimum, this is conducive to cloud service and mentions For quotient CSP, more rapidly it is located in because being able to achieve for the cloud service provider for needing to be implemented multitask in practical situations Manage audit task;Figure 10 is the ratio that the method for the present invention and the prior art calculate cost in auditing by third party person's TPA experimental evidence Compared with figure, it is not difficult to find out that calculating cost of the method for the present invention in auditing by third party person's TPA experimental evidence is very low from Figure 10, this Auditing by third party person will be allowed with the less verifying for calculating cost and just completing audit evidence, this has very important reality Meaning.

Claims (6)

1. a kind of open cloud auditing method of anti-leakage, comprising the following steps:
1) it establishes
1.1) system parameter generates:
Cloud storage service provider CSP utilizes parameter generation algorithm ParamGen (1k)→(p,G,GT, g, e, H, N) and generate system Parameter cp simultaneously discloses system parameter generated, specifically:
System parameter cp=(p, G, GT, g, e, H, N), wherein Big prime p value is determined by security parameter k, G, GTIt is that rank is The multiplicative cyclic group of Big prime p, the generation member that g is multiplicative cyclic group G, e:G × G → GTIt is a bilinear map, H:{ 0,1 }* → G is the hash function of a cryptography safety, positive integer N < 2p
1.2) key generates:
Data owner DO utilizes key scheduleKey is generated, specifically:
Select two random number α ← ZpWith random number γ ← Zp
U ← g is calculatedα, and then obtain private key sk=(alpha, gamma) and public key
Data owner's DO initialization value
Calculate open parameter
Open parameter pub;
2) it stores
2.1) storage prepares:
2.1.1) file block:
Data owner DO utilizes block algorithm FileSplit (F, n) → (d1,d2,…,dn) piecemeal is carried out to file F, specifically Are as follows:
File F is divided for n block { d1,d2,…,dn, wherein di∈ZpAnd di≤ N, i=1,2 ..., n, file F are expressed as F={ d1, d2,…,dn, corresponding data block indexed set is combined into { 1,2 ..., n };
2.1.2) data block version information initializes:
Data owner DO creates the version of all data blocks using data version information initialization algorithm VIGen (F) → (VI) Information, specifically:
Version information the VI={ (v of data blocki,ti) | i=1,2 ..., n }, wherein viAnd tiRespectively indicate data block diVersion Information and timestamp when establishing version information;
2.1.3 data block accumulated value) is generated:
Data owner DO utilizes accumulated value generating algorithm AccGen (F, pub) → accFThe accumulated value of all data blocks is calculated, is had Body are as follows:
Calculate accumulated value
2.1.4 data block signature) is generated:
Data owner DO is corresponding using all data blocks of signature generating algorithm SigGen (F, VI, sk, pub) → (Φ) calculating Signature, specifically:
Calculate the signature
It enablesIndicate the corresponding signature set of all data blocks;
2.2) distribute:
Data owner DO is by file F={ d1,d2,…,dnAnd signature setIt is sent to cloud storage Service provider CSP, cloud storage service provider CSP are corresponded to the content of sequential storage file F and signature set Φ by data block; Data owner DO is by version information the VI={ (v of data block simultaneouslyi,ti) | i=1,2 ..., n } and accumulated valueVersion information is added to double-strand by the person TPA that is sent to auditing by third party, auditing by third party person TPA It is stored in dynamic Hash table, and the accumulated value acc of storing data blockF;Determine cloud storage service provider CSP and auditing by third party After person TPA is stored successfully, data owner DO retains acc from middle deletion { F, Φ, VI } is locally storedF
2.3) data block label is generated:
Cloud storage service provider CSP generates each data using data block label generating algorithm TagGen (F, pub) → (Ω) Block diCorresponding labelWherein i=1,2 ..., n, specifically:
Calculate label
It enablesIndicate the corresponding tag set of all data blocks;
Cloud storage service provider CSP stores tag set Ω;
3) it audits
3.1) challenge request is generated:
Auditing by third party person TPA generates audit challenge using challenge request algorithm ChalGen (n, c) → chal, specifically:
Random picking in set { 1,2 ..., n } is indexed from the data block of file F and goes out c index, is denoted as chal={ s1,s2,…, sc}c≤n, cloud storage service provider CSP is sent to as challenge solicited message;
3.2) evidence generates:
Cloud storage service provider CSP utilizes evidence generating algorithm ProofGen (F, Φ, Ω, chal, pub) → P, generates complete Property evidence P, specifically:
Cloud storage service provider CSP collects as certifier according to the file being stored on its server and its corresponding signature It closes and tag set { F, Φ, Ω } and the challenge information chal={ s received1,s2,…,sc}c≤n, generate integrality evidence P= (ω, σ, τ), wherein
Then by integrality evidence P=(ω, σ, τ) as the integrity certification of the storing data person TPA that is sent to auditing by third party;
3.3) proof validation:
Auditing by third party person TPA is tested using verification algorithm ProofCheck (P, chal, VI, pk) → { TRUE/FALSE } Card, specifically:
Auditing by third party person TPA is according to the information VI in double-strand dynamic Hash table, to the corresponding version of all data blocks of challenge Information calculates cryptographic Hash { H (vi||ti)|i∈chal};
Equation one is examined to verify the legitimacy of τ:
Examine equation one
If examining equation one invalid, auditing by third party person TPA exports FALSE, indicates authentication failed;Otherwise, third party examines Whether meter person TPA examines equation two true again:
Examine equation two
If equation two is examined to set up, auditing by third party person TPA exports TRUE, indicates to be proved to be successful, integrity verification passes through;It is no FALSE is then exported, indicates authentication failed.
2. a kind of anti-leakage for supporting the full dynamic parallel operation of user discloses cloud auditing method, comprising the following steps:
1) it establishes
1.1) system parameter generates:
Cloud storage service provider CSP utilizes parameter generation algorithm ParamGen (1k)→(p,G,GT, g, e, H, N) and generate system Parameter cp simultaneously discloses system parameter generated, specifically:
System parameter cp=(p, G, GT, g, e, H, N), wherein Big prime p value is determined by security parameter k, G, GTIt is that rank is The multiplicative cyclic group of Big prime p, the generation member that g is multiplicative cyclic group G, e:G × G → GTIt is a bilinear map, H:{ 0,1 }* → G is the hash function of a cryptography safety, positive integer N < 2p
1.2) key generates:
Data owner DO utilizes key scheduleKey is generated, specifically:
Select two random number α ← ZpWith random number γ ← Zp
U ← g is calculatedα, and then obtain private key sk=(alpha, gamma) and public key
Data owner's DO initialization value
Calculate open parameter
Open parameter pub;
2) it stores
2.1) storage prepares:
2.1.1) file block:
Data owner DO utilizes block algorithm FileSplit (F, n) → (d1,d2,…,dn) piecemeal is carried out to file F, specifically Are as follows:
File F is divided for n block { d1,d2,…,dn, wherein di∈ZpAnd di≤ N, i=1,2 ..., n, file F are expressed as F={ d1, d2,…,dn, corresponding data block indexed set is combined into { 1,2 ..., n };
2.1.2) data block version information initializes:
Data owner DO creates the version of all data blocks using data version information initialization algorithm VIGen (F) → (VI) Information, specifically:
Version information the VI={ (v of data blocki,ti) | i=1,2 ..., n }, wherein viAnd tiRespectively indicate data block diVersion Information and timestamp when establishing version information;
2.1.3 data block accumulated value) is generated:
Data owner DO utilizes accumulated value generating algorithm AccGen (F, pub) → accFThe accumulated value of all data blocks is calculated, is had Body are as follows:
Calculate accumulated value
2.1.4) generate data block signature:
Data owner DO is corresponding using all data blocks of signature generating algorithm SigGen (F, VI, sk, pub) → (Φ) calculating Signature, specifically:
Calculate the signature
It enablesIndicate the corresponding signature set of all data blocks;
2.2) distribute:
Data owner DO is by file F={ d1,d2,…,dnAnd signature setIt is sent to cloud storage Service provider CSP, cloud storage service provider CSP are corresponded to the content of sequential storage file F and signature set Φ by data block; Data owner DO is by version information the VI={ (v of data block simultaneouslyi,ti) | i=1,2 ..., n } and accumulated valueVersion information is added to double-strand by the person TPA that is sent to auditing by third party, auditing by third party person TPA It is stored in dynamic Hash table, and the accumulated value acc of storing data blockF;Determine cloud storage service provider CSP and auditing by third party After person TPA is stored successfully, data owner DO retains acc from middle deletion { F, Φ, VI } is locally storedF
2.3) data block label is generated:
Cloud storage service provider CSP generates each data using data block label generating algorithm TagGen (F, pub) → (Ω) Block diCorresponding labelWherein i=1,2 ..., n, specifically:
Calculate label
It enablesIndicate the corresponding tag set of all data blocks;
Cloud storage service provider CSP stores tag set Ω;
3) dynamic updates: carrying out dynamic operation and updating related data to stored file F, obtains new file F' and corresponding Related data after update;
4) dynamic updates verifying: whether verifying cloud storage service provider CSP correctly performs the operation of data update.
3. the anti-leakage according to claim 2 for supporting the full dynamic parallel operation of user discloses cloud auditing method, feature It is:
It is insertion data block that step 3) dynamic, which updates operation, specifically:
3.a1) insertion prepares:
3.a1.1) data owner DO determines the insertion data block in insertion file FNew document form Change is expressed as F'=F ∪ D*;Data owner DO is determined after the insertion position in file F indexes set X and each position Set Y composed by the quantity of data block will be inserted into, wherein X be file F index set { 1,2 ..., n } subset X= {i1,i2,…,ix, 1≤x≤m,Indicate that each position in X will be inserted into the number of data block later Amount, whereinAndIt specifically describes are as follows: in file F i-th1It is inserted into after block A data block, i-th2It is inserted into after blockA data block ..., i-thxBlock after be inserted intoA data block;
3.a1.2) insertion data block D*Version information initialization:
Data owner DO utilizes data version information initialization algorithm VIGen (D*)→(VI*) all insertion data blocks pair of creation The version information answeredWhereinWithRespectively indicate insertion data blockVersion information and Establish timestamp when version information;
3.a1.3) more new data block accumulated value:
Data owner DO utilizes insertion data block D*Be stored in local original accumulated value accFIt calculates and updates accumulated value
3.a1.4) generate insertion data block signature:
Data owner DO utilizes signature generating algorithm SigGen (D*,VI*,sk,pub)→(Φ*) calculate all insertion data blocks Corresponding signature, signatureIt enablesIndicate all It is inserted into the corresponding signature set of data block;
3.a2) insertion request:
Data owner DO sends insertion request message U to cloud storage service provider CSPCSP=(insert, X, Y, D**), And another insertion request message U is sent to auditing by third party person TPATPA=(insert, X, Y, VI*,accF'), wherein Insert indicates insertion operation request;
3.a3) insertion updates:
3.a3.1) update double-strand dynamic Hash table and accumulated value:
Auditing by third party person TPA receives insertion request message UTPA=(insert, X, Y, VI*,accF') after, data will be inserted into The version information VI of block*Opsition dependent, which is added in double-strand dynamic Hash table, to be stored, and double-strand dynamic Hash table, order are deposited after being updated The new data block version information of storage is VI'=VI ∪ VI*;And with update accumulated value accF'Replace original accumulated value accF
3.a3.2) update file set:
Receiving request UCSP=(insert, X, Y, D**) after, cloud storage service provider CSP wants summed data according to insertion Block sequence willInsertion storage is carried out, i.e., in file F i-th1It is inserted into after blockA data block, i-th2Block It is inserted into laterA data block ..., i-thxBlock after be inserted intoA data block, wherein the data block being inserted into according toSequence, and export new file F'=F ∪ D*
3.a3.3) update tag set:
Cloud storage service provider CSP updates the label of all data blocks and storage in original F using formula (1), utilizes public affairs Formula (2) calculates the label of all new insertion data blocks and storage:
It enablesIndicate the corresponding label of all data blocks of update file F' Set;
3.3a.4) update signature set:
Cloud storage service provider CSP will be inserted into the corresponding signature of data blockBy insertion requirement addition Into signature set, new signature set Φ '=Φ ∪ Φ is enabled*
4. the anti-leakage according to claim 2 for supporting the full dynamic parallel operation of user discloses cloud auditing method, feature It is:
It is to delete data block that step 3) dynamic, which updates operation, specifically:
It 3.b1) deletes and prepares:
Data owner DO determines the data block location index set X deleted from file F, and wherein X is the location index of file F Gather the subset of { 1,2 ..., n }, X={ i1,i2,…,im, m≤n is specifically described are as follows: will delete the i-th of file F1Block number evidence Block, i-th2Block data block ..., i-thmBlock data block;
3.b2) removal request:
Data owner DO sends deletion request message U to cloud storage service provider CSPCSP=(delete, X), and to third Square audit person TPA sends another deletion request messageWherein delete indicates delete operation request;
It 3.b3) returns and deletes data block:
Deletion set of data blocks is enabled to be combined intoCloud storage service provider CSP is receiving deletion request message UCSPAfter=(delete, X), is returned to data owner DO and delete data block setI.e. i-th1 Block data blockI-th2Block data block..., i-thmBlock data blockNew document form be expressed as F'=F D#
It 3.b4) deletes and updates
3.b4.1) more new data block accumulated value:
The deletion data block set that data owner DO utilizes cloud storage service provider CSP to return Be stored in local original accumulated value accFIt calculates and updates accumulated valueAnd send secondary deletion Request messageGive auditing by third party person TPA;
3.b4.2) update double-strand dynamic Hash table and accumulated value:
Auditing by third party person TPA receives deletion request messageWith secondary deletion request messageLater, by corresponding position X={ i1,i2,…,imVersion information deleted from double-strand dynamic Hash table It removes, obtains updated double-strand dynamic Hash table, wherein enabling the new data block version information of storage beAnd with update accumulated value accF'Replace original accumulated value accF
3.b4.3) update tag set:
Receiving deletion request message UCSPAfter=(delete, X), cloud storage service provider CSP utilizes deleted data blockThe label of all data blocks and storage in new file F' are updated using formula (3):
Enable the new tag set of all data blocks in new file F'
3.b4.4) update file set:
Cloud storage service provider CSP deletes corresponding position X={ i in file F1,i2,…,imData blockNew file F'=F D#
3.b4.5) update signature set:
Cloud storage service provider CSP deletes the signature of corresponding position, obtains signature set newly
5. the anti-leakage according to claim 2 for supporting the full dynamic parallel operation of user discloses cloud auditing method, feature It is:
It is modification data block that step 3) dynamic, which updates operation, specifically:
3.c1) modification prepares:
3.c1.1) data owner DO determines the location index set X in file F by modification data block, and wherein X is file F's Subset X={ i of location index set { 1,2 ..., n }1,i2,…,im, m≤n;Data owner DO determines these positions simultaneously Modified data block setIt specifically describes are as follows: the i-th of modification file F1Block data block is I-th2Block data block is..., i-thmBlock data block is
Data block D after 3.c1.2) modifying*Version information initialization:
Data owner DO utilizes data version information initialization algorithm VIGen (D*)→(VI*) create data block after all modifications Corresponding version informationWhereinWithRespectively indicate data block after modifyingVersion Information and timestamp when establishing version information;
3.c1.3) generate modification data block signature:
Data owner DO utilizes signature generating algorithm SigGen (D*,VI*,sk,pub)→(Φ*) calculate data after all modifications The corresponding signature of block, signatureIt enablesIt indicates The corresponding signature set of data block after all modifications;
3.c2) modification request:
Data owner DO sends modification request message U to cloud storage service provider CSPCSP=(modify, X, D**), and Another modification request message is sent to auditing by third party person TPAWherein modify indicates modification Operation requests;
3.c3) return to data block before modifying:
Cloud storage service provider CSP is receiving modification request message UCSP=(modify, X, D**) after, possess to data The data block of person DO return corresponding position, i.e., i-th1Block data blockI-th2Block data block..., i-thmBlock data blockIt enables Set of data blocks before modification is combined intoI.e. cloud storage service provider CSP is returned to data owner DO AlsoNew document form be expressed as F'=(F D^)∪D*
3.c4) modification updates
3.c4.1) more new data block accumulated value:
Data owner DO is according to data block set before modifyingData block after modificationAnd it is stored in local original accumulated value accFIt calculates and updates accumulated valueAnd send secondary modification request messageIt is examined to third party Meter person TPA;
3.c4.2) update double-strand dynamic Hash table and accumulated value:
Auditing by third party person TPA receives modification request messageWith secondary modification request messageLater, by corresponding position X={ i in double-strand dynamic Hash table1,i2,…,imVersion information useReplacement, obtains updated double-strand dynamic Hash table, enables modified data block set Corresponding version information isAnd with update accumulated value accF'It replaces original cumulative Value accF
3.c4.3) update tag set:
Receiving modification request message UCSP=(modify, X, D**) after, cloud storage service provider CSP is according to number before modification According to set of blocksWith data block set after modificationIt is updated using formula (4) All data block labels for not modified in new file F' simultaneously store, and formula (5) is recycled to calculate the mark of modified data block It signs and stores:
All data block tag sets for enabling new file F' are
3.c4.4) update file set:
Position in file F is X={ i by cloud storage service provider CSP1,i2,…,imData blockIt is revised asNew file F'=(F D^)∪D*
3.c4.5) update signature set:
Cloud storage service provider CSP is usedThe signature for replacing corresponding position data block, obtains label newly Name set
6. the anti-leakage operated according to the full dynamic parallel of support user described in Claims 2 or 3 or 4 or 5 discloses cloud auditing party Method, it is characterised in that:
Whether step 4) verifying cloud storage service provider CSP correctly performs the operation of data update, specifically includes:
4.1) challenge request is generated:
Enable the data block total block data of new file F' for M, auditing by third party person TPA utilization challenge request algorithm ChalGen (M, c) → Chal indexes random picking in set { 1,2 ..., M } from the data block of file F' and goes out c index, is denoted as chal={ s1, s2,…,sc}c≤M, cloud storage service provider CSP is sent to as challenge solicited message, wherein this c challenge index is random It generates, can not include the data block once challenged;
4.2) evidence generates:
Cloud storage service provider CSP is generated using evidence generating algorithm ProofGen (F', Φ ', Ω ', chal, pub) → P Audit evidence P, specifically:
Cloud storage service provider CSP is as certifier, according to the file F' and its corresponding update being stored on its server Signature set and tag set { F', Φ ', Ω ' } and the challenge information chal={ s received1,s2,…,sc}c≤M, generate and update Experimental evidence P=(ω, σ, τ), wherein
Then evidence P=(ω, σ, τ) is executed as dynamic operation proves the person TPA that is sent to auditing by third party;
4.3) proof validation:
Auditing by third party person TPA is tested using verification algorithm ProofCheck (P, chal, VI', pk) → { TRUE/FALSE } Card, specifically:
Auditing by third party person TPA is corresponding according to all data blocks of the information VI' after update in double-strand dynamic Hash table to challenge Version information calculate cryptographic Hash { H (vi||ti)|i∈chal};
Equation one is examined to verify the legitimacy of τ:
Examine equation one
If examining equation one invalid, auditing by third party person TPA exports FALSE, indicates authentication failed;Otherwise, third party examines Whether meter person TPA examines equation two true again:
Examine equation two
If equation two is examined to set up, auditing by third party person TPA exports TRUE, indicates to be proved to be successful, cloud storage service provider CSP performs dynamic as required and updates operation;Otherwise FALSE is exported, indicates that cloud storage service provider CSP is not executed as required Dynamic updates operation.
CN201811638170.7A 2018-12-29 2018-12-29 Anti-leakage public cloud auditing method supporting full-dynamic parallel operation of user Active CN109525403B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811638170.7A CN109525403B (en) 2018-12-29 2018-12-29 Anti-leakage public cloud auditing method supporting full-dynamic parallel operation of user

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811638170.7A CN109525403B (en) 2018-12-29 2018-12-29 Anti-leakage public cloud auditing method supporting full-dynamic parallel operation of user

Publications (2)

Publication Number Publication Date
CN109525403A true CN109525403A (en) 2019-03-26
CN109525403B CN109525403B (en) 2021-11-02

Family

ID=65798589

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811638170.7A Active CN109525403B (en) 2018-12-29 2018-12-29 Anti-leakage public cloud auditing method supporting full-dynamic parallel operation of user

Country Status (1)

Country Link
CN (1) CN109525403B (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110049033A (en) * 2019-04-10 2019-07-23 南京信息工程大学 A kind of cloud auditing method for supporting business data dynamic operation
CN111737708A (en) * 2020-05-26 2020-10-02 桂林电子科技大学 Verifiable deletion method and system supporting efficient update of outsourced data
CN111898164A (en) * 2020-07-02 2020-11-06 武汉纺织大学 Data integrity auditing method supporting tag block chain storage and query
CN112261020A (en) * 2020-10-15 2021-01-22 中国电子科技集团公司第五十四研究所 Distributed remote outsourcing data auditing system and method
CN112311548A (en) * 2020-03-25 2021-02-02 北京沃东天骏信息技术有限公司 Data possession verification method, system, apparatus, and computer-readable storage medium
CN113656840A (en) * 2021-07-16 2021-11-16 北京航空航天大学杭州创新研究院 Dynamic integrity verification method with accountability
CN114398648A (en) * 2021-12-10 2022-04-26 西安电子科技大学 Practical cloud storage method and system supporting dynamic operation and multi-user storage certification
CN116451270A (en) * 2023-03-31 2023-07-18 南京航空航天大学 Method for verifying deterministic deletion of data in cloud storage

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102255916A (en) * 2011-07-26 2011-11-23 中国科学院计算机网络信息中心 Access authentication method, device, server and system
CN103227780A (en) * 2013-03-28 2013-07-31 东南大学 Method for designing public auditable storage verifiable scheme for cloud data
US20150020180A1 (en) * 2013-07-15 2015-01-15 Peer Intelligence Technology Limited Wireless two-factor authentication, authorization and audit system with close proximity between mass storage device and communication device
CN104994110A (en) * 2015-07-16 2015-10-21 电子科技大学 Method for assigning verifier for auditing cloud storage data
CN108229208A (en) * 2018-01-08 2018-06-29 华侨大学 A kind of public audit method of more copy datas in cloud storage service

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102255916A (en) * 2011-07-26 2011-11-23 中国科学院计算机网络信息中心 Access authentication method, device, server and system
CN103227780A (en) * 2013-03-28 2013-07-31 东南大学 Method for designing public auditable storage verifiable scheme for cloud data
US20150020180A1 (en) * 2013-07-15 2015-01-15 Peer Intelligence Technology Limited Wireless two-factor authentication, authorization and audit system with close proximity between mass storage device and communication device
CN104994110A (en) * 2015-07-16 2015-10-21 电子科技大学 Method for assigning verifier for auditing cloud storage data
CN108229208A (en) * 2018-01-08 2018-06-29 华侨大学 A kind of public audit method of more copy datas in cloud storage service

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110049033A (en) * 2019-04-10 2019-07-23 南京信息工程大学 A kind of cloud auditing method for supporting business data dynamic operation
CN112311548A (en) * 2020-03-25 2021-02-02 北京沃东天骏信息技术有限公司 Data possession verification method, system, apparatus, and computer-readable storage medium
CN111737708A (en) * 2020-05-26 2020-10-02 桂林电子科技大学 Verifiable deletion method and system supporting efficient update of outsourced data
CN111737708B (en) * 2020-05-26 2024-01-12 桂林电子科技大学 Verifiable deleting method and system supporting efficient update of outsourced data
CN111898164A (en) * 2020-07-02 2020-11-06 武汉纺织大学 Data integrity auditing method supporting tag block chain storage and query
CN111898164B (en) * 2020-07-02 2024-03-29 武汉纺织大学 Data integrity auditing method supporting label block chain storage and query
CN112261020A (en) * 2020-10-15 2021-01-22 中国电子科技集团公司第五十四研究所 Distributed remote outsourcing data auditing system and method
CN113656840A (en) * 2021-07-16 2021-11-16 北京航空航天大学杭州创新研究院 Dynamic integrity verification method with accountability
CN113656840B (en) * 2021-07-16 2024-01-02 北京航空航天大学杭州创新研究院 Dynamic integrity verification method with accountability
CN114398648A (en) * 2021-12-10 2022-04-26 西安电子科技大学 Practical cloud storage method and system supporting dynamic operation and multi-user storage certification
CN116451270A (en) * 2023-03-31 2023-07-18 南京航空航天大学 Method for verifying deterministic deletion of data in cloud storage

Also Published As

Publication number Publication date
CN109525403B (en) 2021-11-02

Similar Documents

Publication Publication Date Title
CN109525403A (en) A kind of anti-leakage that supporting user&#39;s full dynamic parallel operation discloses cloud auditing method
Ng et al. Private data deduplication protocols in cloud storage
CN110912706B (en) Identity-based dynamic data integrity auditing method
Wang et al. Privacy-preserving public auditing for data storage security in cloud computing
Wei et al. SecCloud: Bridging secure storage and computation in cloud
Guo et al. Outsourced dynamic provable data possession with batch update for secure cloud storage
Fu et al. DIPOR: An IDA-based dynamic proof of retrievability scheme for cloud storage systems
CN110263584B (en) Block chain-based data integrity auditing method and system
Lewko et al. Why proving HIBE systems secure is difficult
WO2018211446A1 (en) Cryptographic key-generation with application to data deduplication
CN108400981A (en) The public cloud auditing system and method for lightweight and secret protection in smart city
CN113312574A (en) Cloud data integrity auditing method based on block chain
CN111901320B (en) Attribute revocation CP-ABE-based encryption method and system for resisting key forgery attack
CN110365469A (en) It is a kind of support data-privacy protect cloud storage in data integrity verification method
CN110505067A (en) Processing method, device, equipment and the readable storage medium storing program for executing of block chain
Huang et al. Certificateless public verification scheme with privacy-preserving and message recovery for dynamic group
Gudeme et al. Review of remote data integrity auditing schemes in cloud computing: taxonomy, analysis, and open issues
Mishra et al. Dynamic large branching hash tree based secure and efficient dynamic auditing protocol for cloud environment
CN109743327B (en) Certificateless cloud storage based integrity public verification method for shared data
Xie et al. A novel blockchain-based and proxy-oriented public audit scheme for low performance terminal devices
Mishra et al. BB-tree based secure and dynamic public auditing convergence for cloud storage
Liu et al. A blockchain-based compact audit-enabled deduplication in decentralized storage
CN110377225A (en) A method of it supporting the transfer of outsourcing data safety and can verify that deletion
Servan-Schreiber et al. Private access control for function secret sharing
Xu et al. A generic integrity verification algorithm of version files for cloud deduplication data storage

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
TA01 Transfer of patent application right

Effective date of registration: 20211014

Address after: 714000 group 2, xishangguan village, Mizi Township, Fuping County, Weinan City, Shaanxi Province

Applicant after: Liu Jiaojiao

Address before: No.199, Chang'an South Road, changyanbao office, Yanta District, Xi'an City, Shaanxi Province, 710064

Applicant before: Shaanxi Normal University

Effective date of registration: 20211014

Address after: 510000 Room 401, zone C3, innovation building, No. 182, science Avenue, Science City, high tech Industrial Development Zone, Guangzhou, Guangdong

Applicant after: Guangzhou Yixin Technology Co.,Ltd.

Address before: 714000 group 2, xishangguan village, Mizi Township, Fuping County, Weinan City, Shaanxi Province

Applicant before: Liu Jiaojiao

GR01 Patent grant
GR01 Patent grant